Ruby: Use API graph subclassing in Rails modelling

Now that API graphs have basic subclassing support, we can simplify some
of the ActiveRecord and ActionController code.

Author: hmac

ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll

@@ -4,22 +4,9 @@ private import codeql.ruby.controlflow.CfgNodes
 private import codeql.ruby.DataFlow
 private import codeql.ruby.dataflow.RemoteFlowSources
 private import codeql.ruby.ast.internal.Module
+private import codeql.ruby.ApiGraphs
 private import ActionView
 
-private class ActionControllerBaseAccess extends ConstantReadAccess {
-  ActionControllerBaseAccess() {
-    this.getName() = "Base" and
-    this.getScopeExpr().(ConstantAccess).getName() = "ActionController"
-  }
-}
-
-// ApplicationController extends ActionController::Base, but we
-// treat it separately in case the ApplicationController definition
-// is not in the database
-private class ApplicationControllerAccess extends ConstantReadAccess {
-  ApplicationControllerAccess() { this.getName() = "ApplicationController" }
-}
-
 /**
  * A `ClassDeclaration` for a class that extends `ActionController::Base`.
  * For example,
@@ -35,16 +22,13 @@ private class ApplicationControllerAccess extends ConstantReadAccess {
  */
 class ActionControllerControllerClass extends ClassDeclaration {
   ActionControllerControllerClass() {
-    // class FooController < ActionController::Base
-    this.getSuperclassExpr() instanceof ActionControllerBaseAccess
-    or
-    // class FooController < ApplicationController
-    this.getSuperclassExpr() instanceof ApplicationControllerAccess
-    or
-    // class BarController < FooController
-    exists(ActionControllerControllerClass other |
-      other.getModule() = resolveConstantReadAccess(this.getSuperclassExpr())
-    )
+    this.getSuperclassExpr() =
+      [
+        API::getTopLevelMember("ActionController").getMember("Base"),
+        // In Rails applications `ApplicationController` typically extends `ActionController::Base`, but we
+        // treat it separately in case the `ApplicationController` definition is not in the database.
+        API::getTopLevelMember("ApplicationController")
+      ].getASubclass*().getAUse().asExpr().getExpr()
   }
 
   /**

ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll

@@ -7,20 +7,6 @@ private import codeql.ruby.ast.internal.Module
 private import codeql.ruby.ApiGraphs
 private import codeql.ruby.frameworks.StandardLibrary
 
-private class ActiveRecordBaseAccess extends ConstantReadAccess {
-  ActiveRecordBaseAccess() {
-    this.getName() = "Base" and
-    this.getScopeExpr().(ConstantAccess).getName() = "ActiveRecord"
-  }
-}
-
-// ApplicationRecord extends ActiveRecord::Base, but we
-// treat it separately in case the ApplicationRecord definition
-// is not in the database
-private class ApplicationRecordAccess extends ConstantReadAccess {
-  ApplicationRecordAccess() { this.getName() = "ApplicationRecord" }
-}
-
 /// See https://api.rubyonrails.org/classes/ActiveRecord/Persistence.html
 private string activeRecordPersistenceInstanceMethodName() {
   result =
@@ -41,26 +27,28 @@ private predicate isBuiltInMethodForActiveRecordModelInstance(string methodName)
 }
 
 /**
- * A `ClassDeclaration` for a class that extends `ActiveRecord::Base`. For example,
+ * A `ClassDeclaration` for a class that inherits from `ActiveRecord::Base`. For example,
  *
  * ```rb
  * class UserGroup < ActiveRecord::Base
  *   has_many :users
  * end
+ *
+ * class SpecialUserGroup < UserGroup
+ * end
  * ```
  */
 class ActiveRecordModelClass extends ClassDeclaration {
   ActiveRecordModelClass() {
     // class Foo < ActiveRecord::Base
-    this.getSuperclassExpr() instanceof ActiveRecordBaseAccess
-    or
-    // class Foo < ApplicationRecord
-    this.getSuperclassExpr() instanceof ApplicationRecordAccess
-    or
     // class Bar < Foo
-    exists(ActiveRecordModelClass other |
-      other.getModule() = resolveConstantReadAccess(this.getSuperclassExpr())
-    )
+    this.getSuperclassExpr() =
+      [
+        API::getTopLevelMember("ActiveRecord").getMember("Base"),
+        // In Rails applications `ApplicationRecord` typically extends `ActiveRecord::Base`, but we
+        // treat it separately in case the `ApplicationRecord` definition is not in the database.
+        API::getTopLevelMember("ApplicationRecord")
+      ].getASubclass*().getAUse().asExpr().getExpr()
   }
 
   // Gets the class declaration for this class and all of its super classes

ruby/ql/test/library-tests/frameworks/ActiveRecordInjection.rb

@@ -93,4 +93,4 @@ class BazController < BarController
   def yet_another_handler
     Admin.delete_by(params[:admin_condition])
   end
-end
+end